Cyber Security Basics

A common example of a call we receive is, “I need your help. My spouse just identified that someone has hacked into our PayPal account and is withdrawing $1,700 per month. We have contacted our bank, but they are not willing to help. We contacted PayPal, and they indicated that they have ACH number. We are afraid that they have all our other accounts, passwords, and contact information. Can you help?” Cyber security isn’t household talk yet, but people are learning about its possibilities, and the risks they take when operating in the digital world.

Common Types of Cyber Attacks

Individuals and small business owners are becoming increasingly aware of common types of Cyber Attacks, but rarely are they aware of all the different ways they can happen. These attacks can include (but aren’t limited to) locking them out of their business files, defacing their websites, or stealing money. The most common cyber security attacks are:

• Malware – a specific kind of software that’s designed to cause damage, disrupt, or create access to a computer system or network.
• Phishing – when a scam is set up to impersonate a reputable person or company in order to acquire personal / sensitive information directly from a user – such as passwords and credit card numbers.
• Man-in-the-middle attack (MITM) – this is an intrusion that involves a third party that intercepts, monitors, and alters communications between two parties without them knowing. For example, being able to intercept chat messages with a banker.
• Distributed Denial-of-Service (DDoS) – when an attacker overloads a network resource, such as a website, rendering it unusable for its intended users
• SQL injection – A SQL injection is when an attacker accesses a database and alters its code in order to exploit it, such as coding it to extract private customer information from your private business records.
• Zero-day exploit – This type of attack is particularly dangerous, because it happens long before the users in question are aware of the exploited vulnerability. The attack happens the same day the vulnerability is identified by the attacker, before the user is ever made aware of the specific gap in security.
• DNS Tunnelling – It is one of the most damaging DNS attacks. It encodes the data of other programs or protocols in DNS queries and responses. It often includes payloads that can be added to an attacked DNS server and used to control a remote server and applications.
• Business Email Compromise (BEC) – An attacker impersonates a corporate email address, impersonating an individual in order to exploit and/or manipulate the user(s).
• Cryptojacking – When an attacker installs malware on a user’s device in order to mine / steal cryptocurrency without their consent.
• Drive-by Attack – A drive by attack is when a malicious piece of software is downloaded to your device without your consent, and potentially, without your knowledge. You may not know this code ends up in your device at all, or you may think you’re downloading one thing, but you’re actually downloading something harmful.
• Cross-site scripting (XSS) attacks – When malicious code is injected into an otherwise trustworthy website, with the intention of exploiting the users who visit that site.
• Password Attack – A cyber attacker uses a host of possible passwords on a user’s security systems, hoping that one of them works (usually banking on the idea that people often repeat passwords).
• Eavesdropping attack – Similar to a “man in the middle” attack, this involves an attacker “snooping” or “eavesdropping” on communications without the users’ knowledge, in an attempt to acquire sensitive information.
• Al-Powered Attacks – An aggressive and targeted cyber attack that uses artificial intelligence to determine the most vulnerable security points in your system.
• IoT-Based Attacks – Internet of things (IoT) is easily one of the most versatile technologies in existence today. It is the primary force behind the biggest distributed denial of services (DDoS) botnet attacks for some time. Numerous IoT device manufacturers continue to ship products that cannot be properly secured.

Unfortunately, most individuals and small business owners do not carry cybersecurity insurance, or have enough money stowed away to afford a full incident response lifecycle. This typical lifecycle includes preparation, detection & analysis, containment & eradication, and post incident activity.

These attackers usually first analyze their target (reconnaissance), then they initialize an exploitation to intrude the network. Once established, they will then start to dig into your systems. They will try to move across your network quickly, looking for further exploitable data to take advantage of. Once they find the key data to collect, they exfiltrate and exploit the information. Once they have hit this phase, they are usually in and out of your network rather quickly.

How Cyber Security Works

It is unnerving because you don’t know if your system is clean, or if they have placed spyware on your system that watches your every move. The cybersecurity industry processes consist of the following segments:

• Proactive Protection – Hardware and software to keep your systems secure
• Monitoring – Scanning logs to detect intrusions or gaps
• Consulting – Analyze your business in order to receive pointed security recommendations
• Incident Response – Analyze a security breach in order to assess damage and recovery of data or funds
• Recovery – Recover any lost data or business functions that were negatively impacted by the data breach

Cyber Attacks – What To Do

If you are locked out of your business systems, your web site has been defaced, or you have lost money, then you require Incident Response services. Understanding your networked media, passwords, roles within the network, who belongs to which user group, and the privileges each staffer is granted are all required when preparing to deal with an incident. It is important to identify patient zero, so to speak, but most of the time, that’s rather unclear at first. Detecting how the network was compromised is critical to identifying, isolating, and eradicating any harmful factors that have been left behind.

Depending upon the network, this may take several ten-hour days to several weeks. Once the threats have been identified, contained, and eradicated, then you’ll need a follow up, post-incident action recommendation to ensure that this doesn’t happen again.

If an individual or small business is not able to activate an incident response team, then the following steps are your best bet to achieve a resolution and minimize damage:

• Unplug your internet connection
• Find a Password Manager: (Last Pass, One Pass, etc….)
• Change all your passwords
• Authorize 2-Party Verification
• File a Police Report to your local authority
• File an IC3 Report to the FBI
• Run a malware & anti-virus scan
• (Stole money?) Contact your financial institutions

Unfortunately, it will be rare that the individuals causing this havoc will be caught, but following these suggestions and you will be better prepared then most and hackers usually go for the weakest target.

When we get a call like the one we discussed above, we notify them that if a hacker has their ACH number, they would usually get in and get out with as much money as possible in as little time as possible. We might even mention that there could be some sort of payment schedule to a bill they don’t remember.

On this particular example, we received a notification days later explaining that this was exactly the case. It was a loan payment that was forgotten about, but they did implement the suggestions above, and already feel safer and more informed.

If you think you’re a victim of a cyber security attack, don’t hesitate to call us at (866) 786-5700. We will consult with you to see if your suspicions are valid, and then scope out the work accordingly. We’re here for you.